cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: [jira] [Resolved] (CXF-4051) Custom OAuth scopes are not supported
Date Fri, 13 Apr 2012 15:47:27 GMT
Hi

On 13/04/12 16:30, jordi wrote:
> Hi Sergey,
> I've downloaded 2.5.3-SNAPSHOT-43 and I'm afraid the problem still remains.
>
> In org.apache.cxf.rs.security.oauth.services.RequestTokenHandler handle()
> method we can find:
>
>              List<String>  scopes = OAuthUtils.parseParamValue(
>                      oAuthMessage.getParameter(OAuthConstants.X_OAUTH_SCOPE),
> defaultScope);
>
>              RequestTokenRegistration reg = new RequestTokenRegistration();
>              reg.setClient(client);
>              reg.setCallback(callback);
>              reg.setState(oAuthMessage.getParameter("*state*"));
>
> And OAuthConstants.X_OAUTH_SCOPE is defined as:
>              public static final String X_OAUTH_SCOPE = "*scope*";
>
> So extra OAuth parameters use "scope" and "state" names, but with net.oauth
> 1.0 reference implementation, when authorization header is built inside
> net.oauth.OAuthMessage getAuthorizationHeader() method only parameters whose
> names begin with "oauth_" are included:
>              for (Map.Entry parameter : parameters) {
>                  String name = toString(parameter.getKey());
>                  *if (name.startsWith("oauth_")) {*
>                      if (into.length()>  0) into.append(",");
>                      into.append(" ");
>                      into.append(OAuth.percentEncode(name)).append("=\"");
>
> into.append(OAuth.percentEncode(toString(parameter.getValue()))).append('"');
>                  }
>              }
>
> To solve the problem "scope", "state" should be renamed to something like
> "oauth_scope" and "oauth_state"

AFAIK, 'oauth' is reserved in OAuth 1.0 for the parameters defined in 
the spec. Please use OAuthClientUtils to build the authorization header, 
in CXF we do not depend on the 'consumer' part of the Google library, 
(at the demo level only). I have a demo in the Talend distro that works 
with custom scopes...

Cheers, Sergey

>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/jira-Created-CXF-4051-Custom-OAuth-scopes-are-not-supported-tp5164840p5638679.html
> Sent from the cxf-issues mailing list archive at Nabble.com.


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com

Mime
View raw message